diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 54547226e..c1175f616 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -80,7 +80,7 @@ jobs:
       - name: (NonProd) Deploy AWS stacks
         if: github.repository == 'linz/geostore' && github.ref == 'refs/heads/master'
         run: |
-          poetry run cdk bootstrap aws://unknown-account/ap-southeast-2
+          poetry run env CDK_NEW_BOOTSTRAP=1 cdk bootstrap --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess aws://unknown-account/ap-southeast-2
           poetry run cdk deploy --all --require-approval never
         env:
           GEOSTORE_ENV_NAME: nonprod
@@ -106,7 +106,9 @@ jobs:
           github.repository == 'linz/geostore' && (startsWith(github.ref, 'refs/heads/release-') ||
           startsWith(github.ref, 'refs/tags/release-'))
         run: |
-          poetry run cdk bootstrap aws://unknown-account/ap-southeast-2
+          poetry run env CDK_NEW_BOOTSTRAP=1 cdk bootstrap \
+          --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess \
+          aws://unknown-account/ap-southeast-2
 
       - name: (Prod) Report AWS stack changes before deployment
         if: >
diff --git a/.github/workflows/prod-upgrade-deploy-test.yml b/.github/workflows/prod-upgrade-deploy-test.yml
index e707c8382..ec6c728ea 100644
--- a/.github/workflows/prod-upgrade-deploy-test.yml
+++ b/.github/workflows/prod-upgrade-deploy-test.yml
@@ -102,7 +102,7 @@ jobs:
 
       - name: Deploy copy of production AWS stacks in to CI environment
         run: |
-          poetry run cdk bootstrap aws://unknown-account/ap-southeast-2
+          poetry run env CDK_NEW_BOOTSTRAP=1 cdk bootstrap --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess aws://unknown-account/ap-southeast-2
           poetry run cdk deploy --all --require-approval never
 
       # checkout the branch
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f04f1f7b8..9cda246f5 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -122,7 +122,7 @@ jobs:
 
       - name: Deploy AWS stacks for testing
         run: |
-          poetry run cdk bootstrap --strict aws://unknown-account/ap-southeast-2
+          poetry run env CDK_NEW_BOOTSTRAP=1 cdk bootstrap --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess aws://unknown-account/ap-southeast-2
           poetry run cdk deploy --all --require-approval never --strict
 
       - name: Run non-infrastructure tests offline